Delighting Users with ExtraHop 5.0

ExtraHop's CEO talks about the new platform and the democratization of big data

The technology that enables what is called Big Data is now commoditized—no longer proprietary black magic, but in everybody's hands.

Jesse RothsteinCEO,
ExtraHop Networks

Every new release of the ExtraHop platform marks a major milestone for innovation in our industry. Version 5.0 of the ExtraHop platform goes above and beyond by anticipating the needs of our users, and I'm truly excited to get it into their hands.

We've backed our new feature set with a careful study of the points of friction in workflows and day-to-day tasks. ExtraHop 5.0 aims to delight by solving our users' most pressing needs in ways that they have not imagined, no mean feat for a forward-looking and savvy IT community.

"I know how I got here."

When describing ExtraHop, I've often said that it's like Google Earth for your network. You have the ability to start from a high-level overview of all activity, browse laterally across tiers, and then zoom in to transaction-level details. While these capabilities are powerful, it's easy to keep following the white rabbit until you're lost in Wonderland.

In version 5.0 of the ExtraHop platform, we've added navigation features so that users always know exactly where they are in the reporting UI and how they got there. We have classified all pages in the UI according to a strict information architecture, which is reflected in the new active breadcrumb element. The Recent Pages feature guides you if you need to retrace your path and jump back several steps. In addition to helping you find your way, these features also enable you to quickly toggle between pages and pivot across servers or applications to compare activity.

An even easier-to-use Google Earth for your network with the new Recent Pages feature.

"I can click to get all details of a transaction."

Datastores are not one-size-fits-all and must be fitted to match access patterns. The streaming datastore in the ExtraHop Discover appliance—which has been known previously as simply "the ExtraHop"—records summary metrics from streaming data better than just about anything else in the world. The streaming datastore is specialized for indexing and storing time-sequenced data at high speed, bypassing the filesystem to read from and write to block devices directly. Our users love the speed with which they can roll up and chart metrics across different time intervals. The ExtraHop platform stores thousands of different types of summary metrics and even allows users to record custom metrics.

Due to the practical limitations primarily around the amount of storage in a single appliance, with previous versions, the flow and transaction records would have to be sent to an external system to retrieve additional detail. In version 5.0 of the ExtraHop platform, we've developed a new solution that gives our users the power and visibility of ExtraHop from start to finish.

As our latest game-changer, we've introduced ExtraHop Explore, a new appliance for deeper drilldown. The ExtraHop Explore appliance scales horizontally and is tightly integrated into our reporting UI, creating an experience that offers the best of both worlds—fast summary metrics and indexing and retrieval of detail records¬—in one integrated platform. It's simple, it's elegant, and it's better than any solution in the industry.

Drill down to see all the database transactions with the SELECT @INVENTORY method, for example.

With the new Explore appliance, we've built on the incredible advances in datastore technology that have taken place in recent years. It started with open-source relational databases such as MySQL and Postgres and continued with schema-less NoSQL datastores such as CouchDB and MongoDB. The technology that enables what is called Big Data is now commoditized—no longer proprietary black magic, but in everybody's hands. We've incorporated this technology for indexing, archiving, and searching schema-less data into our platform.

ExtraHop Explore appliances can be scaled out horizontally so that you can have as much drilldown or lookback as you want. The virtual Explore appliance is an economical option for customers with virtual infrastructure. With ExtraHop Explore and our per-node pricing model, our customers aren't burdened with any sort of data tax and aren't required to pay extra to index and store their own data.

"I can ask questions using search."

Besides offering better drilldown, version 5.0 of the ExtraHop platform also brings the ability to search for objects, such as applications, groups, networks, servers, and record details.

Now you can ask questions of your wire data. Want to see all PDF files transacted? Simply search transaction records for "pdf." ExtraHop makes it easy.

Many IT tasks rely on this type of bottom-up workflow, where you start with a specific user, host, file name, or URI and then investigate from that point. Say, for example, that you get a call from a user complaining about a broken application. If you have their username you can easily corroborate what they are telling you with observed activity on the wire and then investigate what might be causing that issue.

We've added a global search capability that's available from every page.

You also can compose sophisticated record queries easily with our interface. We've dubbed it a visual query language because you can create and refine elaborate queries simply by clicking UI elements.

Compose and refine queries without having to learn any query language.

There are many other one-more-thing capabilities that I could add, such as one-second resolution for metrics, Kerberos decoding, and Open Data Stream for Kafka. We continue to listen to our customers, and we're always on the lookout for opportunities to pleasantly surprise you.

Take a look at version 5.0 for yourself and you'll understand. Our online demo is fully interactive and enables you to explore the interface.